News Archives

Thursday, January 14, 2016

Russia Targeting Multi-nationals under Data Localization Law

According to a January 7 report by Reed Smith, Roskomnadzor, the Russian data protection authority, recently announced its intention to step up enforcement of the Data Localization Law. The DPA stated that it would conduct about 1,000 compliance audits and another 2,000 monitoring procedures during 2016, with multi-nationals believed to be primary target of the reviews. During 2015, Roskomnadzor carried out 300 audits, focusing mainly on domestic companies. The law, which came into effect on September 15, 2015, requires that all companies collecting or processing personal data of Russian citizens, do so on servers located within Russia. Companies also have an obligation to notify Roskomnadzor of the location of such servers.Separately, it was reported that China's controversial new counter-terrorism law, passed on December 27, omitted a provision found in earlier drafts that would have required companies to maintain Chinese data on servers located within China. Whether by explicit legal compulsion or by government and marketplace pressures, data localization continues to be a global phenomenon spurred by revelations of NSA mass surveillance.